Spin is a popular open-source software verification tool,
used by thousands of people worldwide. The tool can be used for the
formal verification of multi-threaded software applications.
The tool was developed at
Bell Labs in the Unix group of the Computing
Sciences Research Center, starting in 1980.
The software has been available freely since 1991, and
continues to evolve to keep pace with new developments.
In April 2002 the tool was awarded the ACM
System Software Award.
Open Source: Starting with Version 6.4.5 from January 2016,
the Spin sources are available under the standard BSD 3-Clause open source license.
Spin is now also part of the latest stable release of Debian Linux, and
has made it into the 16.10+ distributions of Ubuntu.
24th Spin 2017 Symposium
is co-located with ISSTA-2017 and
held July 13 and 14, 2017, at the University of California at Santa Barbara.
The organizers are Hakan Erdogmus
and Klaus Havelund.
The symposium is held as an ACM SIGSOFT event, with proceedings published by the ACM.
Course: An online course
in software verification and logic model checking is available (password required).
There are a total 15 short lectures covering the automata-theoretic verification
method, the basic use of Spin, model extraction from
C source code, abstraction methods, and swarm verification techniques.
You can see an overview via this link.
An excellent introduction to the basics of model checking.
Interactive Static Analysis:
Take a look at:
where you can find information on a somewhat
different approach to static source code analysis.
The Cobra tool is fast enough to be used interactively
on quite large code bases. Executables to evaluate
the tool are available for Linux, Cygwin/Windows, and Mac.
Tau Tool: A simple front-end tool for Spin, called Tau
(short for Tiny Automata) can be downloaded from:
and is distributed under
by Caltech, as a teaching tool for formal verification and finite automata.
// a small example spin model
// Peterson's solution to the mutual exclusion problem (1981)
bool turn, flag; // the shared variables, booleans
byte ncrit; // nr of procs in critical section
active  proctype user() // two processes
assert(_pid == 0 || _pid == 1);
flag[_pid] = 1;
turn = _pid;
(flag[1 - _pid] == 0 || turn == 1 - _pid);
assert(ncrit == 1); // critical section
flag[_pid] = 0;
// $ spin -run peterson.pml